Cryptographic Attacks and Network Security Controls Quiz

Questions and Answers

What is the most significant direct impact of the vulnerability discovered by Wendy on her network?

Attackers may eavesdrop on network communications.

Automated attacks are more likely to succeed.

Attackers may use this information to gain administrative privileges. (correct)

Encryption will not protect credentials for this account.

Which technique is the most effective way to carry out a domain hijacking attack?

Network eavesdropping

ARP poisoning

DNS poisoning (correct)

Social engineering

Which character is the most important to restrict when performing input validation to protect against XSS attacks?

$

< (correct)

!

'

Darren visited a phishing site designed to look like a legitimate banking site after typing the bank's URL. What type of attack is likely taking place?

DNS poisoning

Which technology must be enabled on a wireless network for a Pixie Dust attack to succeed?

WPS

What type of attack is most productive when a website requires complex passwords?

Online brute force

What type of attack likely occurred when Vivian noticed millions of connection attempts from systems around the world that were never completed?

DDoS

Which attack against Bluetooth technology allows the attacker to steal information from the device?

Bluesnarfing

What is the most dangerous consequence of a buffer overflow attack?

Arbitrary command execution

Which of the following would not be considered an OSINT tool?

Vulnerability scans

What cryptographic attack may be used to find collisions in a hash function?

Birthday attack

Which is not a likely consequence of system sprawl?

Improper input validation

Which control would best protect Bob's service from an attack by Mal?

Adding TLS encryption

What is the primary issue that Charlie needs to address regarding the Windows XP systems?

Obsolete operating system

What type of attack is most likely taking place when an end user trying to visit a banking website sees an error message?

Man-in-the-middle

During a security review, Terry identified a system using the RC4 cipher with a 40-bit key to protect communications over Remote Desktop Protocol. What weakness does this pose?

Low encryption strength

What distinguishes a Birthday attack from other cryptographic attacks?

Specifically targets hash functions

What should Val do regarding the self-signed certificates?

Conduct a risk assessment to determine appropriateness

What does the MX record identify?

Mail server for a domain

How should Gina address the vulnerabilities related to port 3389?

Upgrade encryption on the network port

What type of attack is indicated in scenario 30.D?

Phishing attack

What is the purpose of SOA records in DNS?

Provide information about authoritative servers for a DNS zone

What action is recommended for certificates used by external users?

Conduct a risk assessment before deciding

Which feature is typically not supported by mobile device management solutions?

Carrier unlocking

In a round-robin load balancing scenario, which server will receive the next request after Server A?

Server B

What command-line utility can Ben use to identify active network connections and services listening on a Linux system?

netstat

How did the system receive the IP address shown in the ipconfig output?

DHCP

What type of VPN is Tim planning to deploy based on the high-level diagram provided?

Site-to-site VPN

To protect the password file for his service, what can Vince do?

Encrypt the password file